
Fedora 39: 2023-d9d55a0bfc Moderate: OpenVPN Memory Error Fix

November 23, 2023
OpenVPN 2.6.8 tackles important security flaws that were discovered in Fedora 39. Make sure your setup is secure.
This is an extended update of the OpenVPN 2.6.7 release which contains security fixes for CVE-2023-46849 and CVE-2023-46850

Summary

OpenVPN is a robust and highly flexible tunneling application that uses all of the encryption, authentication, and certification features of the OpenSSL library to securely tunnel IP networks over a single UDP or TCP port. It can use the Marcus Franz Xaver Johannes Oberhumer's LZO library for compression.

Update Information:

This is an extended update of the OpenVPN 2.6.7 release, which contains security fixes for CVE-2023-46849 and CVE-2023-46850. That release had a regression causing the `openvpn` daemon to segfault frequently, which is why the 2.6.7 release was pulled. This 2.6.8 release contains a fix for the regression issue as well.

Change Log

* Mon Nov 20 2023 David Sommerseth - 2.6.8-1
- Update to upstream OpenVPN 2.6.7
- Fixes a regression from 2.6.7 resulting in a SIGSEGV (GitHub#449)

* Thu Nov 9 2023 David Sommerseth - 2.6.7-1
- Update to upstream OpenVPN 2.6.7
- Fixes CVE-2023-46849, CVE-2023-46850
- Fix false exit status on pre runtime scriptlet (Elkhan Mammadli, RHBZ#2239722)
- Fix regression of systemctl scriptlet globbing issues (RHBZ#1887984); reintroduced in openvpn-2.6.0-1

References


[1] Bug #2250097 - CVE-2023-46849 openvpn: Use of --fragment option can lead to a division by zero error [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2250097
[2] Bug #2250100 - CVE-2023-46850 openvpn: Incorrect use of send buffer can cause memory to be sent to peer [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2250100
[3] Bug #2250513 - openvpn-2.6.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=2250513

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-d9d55a0bfc' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Name: openvpn
Product: Fedora 39
Version: 2.6.8
Release: 1.fc39
Summary: A full-featured TLS VPN solution (beta release)
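
To check a host against this advisory, the following added example (not part of the Fedora advisory or the OpenVPN project) compares an installed version-release with the fixed build 2.6.8-1.fc39 and lists configuration files that enable `fragment`, the option named in the CVE-2023-46849 bug title. The `/etc/openvpn` path, the function names and the `--check` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage for FEDORA-2023-d9d55a0bfc; not part of the advisory.
FIXED_EVR="2.6.8-1.fc39"             # Version-Release listed in the advisory
CONF_DIR="${CONF_DIR:-/etc/openvpn}" # assumption: default config directory

# Succeeds when version-release $1 is at or above the fixed build.
# sort -V approximates RPM ordering, which is enough for these strings.
is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_EVR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_EVR" ]
}

# Lists *.conf / *.ovpn files under $1 with an active "fragment" directive.
# Lines starting with '#' or ';' are comments and do not match the
# anchored pattern.
fragment_configs() {
    find "$1" -type f \( -name '*.conf' -o -name '*.ovpn' \) \
        -exec grep -lE '^[[:space:]]*fragment[[:space:]]+[0-9]+' {} + 2>/dev/null
}

# Prints a verdict for build $1 and config directory $2.
# Returns 0 = fixed, 1 = needs update, 2 = needs update and fragment in use.
triage() {
    if is_fixed "$1"; then
        echo "openvpn-$1: at or above $FIXED_EVR"
        return 0
    fi
    echo "openvpn-$1: below $FIXED_EVR, apply FEDORA-2023-d9d55a0bfc"
    hits=$(fragment_configs "$2" || true)
    if [ -z "$hits" ]; then
        return 1
    fi
    echo "fragment enabled in:"
    echo "$hits"
    return 2
}

# Live check against the RPM database: sh this-script --check
if [ "${1:-}" = "--check" ]; then
    evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' openvpn) ||
        { echo "openvpn is not installed"; exit 0; }
    triage "$evr" "$CONF_DIR"
fi
```

A host below the fixed build needs the update whether or not `fragment` is configured, since the advisory also covers CVE-2023-46850.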
